---
# tasklist for setting up the virthost server.

- name: set selinux to enforcing
  selinux: policy=targeted state=enforcing

# enable the advanced virt module
- name: enable the advanced virt module
  copy:
    dest: /etc/dnf/modules.d/virt.module
    content: |
      [virt]
      name=virt
      stream=av
      profiles=
      state=enabled
  tags:
  - virthost
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 8

- name: install openstack 7 repo file
  copy: src=rhel7-os.repo dest=/etc/yum.repos.d/rhel7-os.repo
  tags:
  - repos
  - rhel7-os-repo
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture == 'x86_64'

- name: install libvirt packages on rhel7 virthosts
  package: name={{ item }} state=present
  with_items:
  - qemu-kvm-rhev
  - qemu-kvm-tools-rhev
  - qemu-img-rhev
  - libvirt
  - virt-install
  tags:
  - packages
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and ansible_architecture != 'aarch64'

- name: install libvirt packages on rhel8 or rhel9 virthosts
  package: name={{ item }} state=present
  with_items:
  - qemu-kvm
  - libvirt
  - virt-install
  tags:
  - packages
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int > 7

- name: install AAVMF uEFI tianocore on aarch64 rhel7 virthosts
  package: name={{ item }} state=present
  with_items:
  - AAVMF
  - qemu-kvm
  - qemu-img
  - libvirt
  - virt-install
  tags:
  - packages
  when: ansible_architecture == 'aarch64'

- name: install libguestfs-tools for ARMv7 VMs on aarch64 rhel7 virthosts
  package: name={{ item }} state=present
  with_items:
  - libguestfs-tools-c
  tags:
  - packages
  when: ansible_architecture == 'aarch64'

- name: install edk2-arm for ARMv7 VMs on aarch64 rhel9 virthosts
  dnf: name={{ item }} state=present disable_gpg_check=yes
  with_items:
    - https://kojipkgs.fedoraproject.org//packages/edk2/20220526git16779ede2d36/3.fc36/noarch/edk2-arm-20220526git16779ede2d36-3.fc36.noarch.rpm
  tags:
  - packages
  when: ansible_architecture == 'aarch64'

# install libvirtd.conf
#
# This provides us with the ability to use virt-manager from non root accounts.
#
- name: install libvirtd.conf
  copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
  notify:
  - restart libvirtd
  tags:
  - config
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and not inventory_hostname.startswith('virthost-aarch64-os')

- name: install libvirtd.conf
  copy: src="{{ files }}/virthost/libvirtd.conf.os" dest=/etc/libvirt/libvirtd.conf
  notify:
  - restart libvirtd
  tags:
  - config
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7 and inventory_hostname.startswith('virthost-aarch64-os')

- name: enable libvirtd
  service: name=libvirtd state=started enabled=yes
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7

#
# Disable lvmetad as it causes lots of problems with iscsi shared lvm and caching.
#
- name: disable lvmetad
  lineinfile: dest=/etc/lvm/lvm.conf regexp="^(.*)use_lvmetad = 1" line="\1use_lvmetad = 0" backrefs=yes
  failed_when: false
  tags:
  - config
  - nolvmetad

# Also kill the service with fire
- name: disable lvm2-lvmetad socket
  service: name=lvm2-lvmetad.socket state=stopped enabled=no
  check_mode: no
  failed_when: false
  tags:
  - config
  - nolvmetad

- name: set bridging to work right -
  copy: src="{{ files }}/virthost/99-bridge.rules" dest=/etc/udev/rules.d/99-bridge.rules
  notify:
  - restart bridge
  tags:
  - config
  when: ansible_distribution == 'RedHat' and ansible_distribution_major_version|int == 7

#
# Some virthosts we want to use nested virt (a tech preview in rhel 7.2)
# We need this module option set and then need to tweak the libvirt xml to enable it
#
- name: setup nested virt on virthosts with nested=true variable (x86_64)
  copy: src=kvm_intel.conf dest=/etc/modprobe.d/kvm_intel.conf
  when: nested == true and ansible_architecture == 'x86_64'

- name: setup nested virt on virthosts with nested=true variable (s390x)
  copy: src=kvm.conf dest=/etc/modprobe.d/kvm.conf
  when: nested == true and ansible_architecture == 's390x'

#
# On some hosts in the fedorainfracloud network we want to add some users to be able to manage
# their own vms. 
- name: add copr user to some virthosts that will run copr builders
  user: name=copr password_lock=true group=libvirt
  when: copr_build_virthost

#
# Add the copr ssh key to the copr account
#
- name: Add the copr ssh key to the copr account
  authorized_key: key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeTO0ddXuhDZYM9HyM0a47aeV2yIVWhTpddrQ7/RAIs99XyrsicQLABzmdMBfiZnP0FnHBF/e+2xEkT8hHJpX6bX81jjvs2bb8KP18Nh8vaXI3QospWrRygpu1tjzqZT0Llh4ZVFscum8TrMw4VWXclzdDw6x7csCBjSttqq8F3iTJtQ9XM9/5tCAAOzGBKJrsGKV1CNIrfUo5CSzY+IUVIr8XJ93IB2ZQVASK34T/49egmrWlNB32fqAbDMC+XNmobgn6gO33Yq5Ly7Dk4kqTUx2TEaqDkZfhsVu0YcwV81bmqsltRvpj6bIXrEoMeav7nbuqKcPLTxWEY/2icePF" user=copr
  when: copr_build_virthost
